cezar.serban n00b
Joined: 08 Aug 2013 Posts: 11
Posted: Tue Aug 20, 2013 5:01 pm Post subject: [SOLVED] NAT Kernel support
Hello.
I am trying to use NAT on a Gentoo router. However it seems the kernel does not support this function, and I am at my wit's end trying to find out how to add it.
Code: | iptables v1.4.16.3: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded. |
I tried compiling the kernel with the options in the following wiki page but I cannot find the modules listed (the page was updated in 2008, I suppose the structure has changed): http://www.gentoo-wiki.info/HOWTO_quick_routing
The only kernel option I found was: Netfilter connection tracking support and not the others.
Kernel : 3.8.13-gentoo #11 SMP Tue Aug 20 11:28:12 EEST 2013 i686 Intel(R) Xeon(TM) CPU 2.80GHz GenuineIntel GNU/Linux
zgrep FILTER /proc/config.gz
Code: | CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_DEBUG=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_ACCT=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
# CONFIG_NETFILTER_TPROXY is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MARK=y
# CONFIG_NETFILTER_XT_SET is not set
# CONFIG_NETFILTER_XT_TARGET_CHECKSUM is not set
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
# CONFIG_NETFILTER_XT_TARGET_DSCP is not set
CONFIG_NETFILTER_XT_TARGET_HL=y
# CONFIG_NETFILTER_XT_TARGET_HMARK is not set
# CONFIG_NETFILTER_XT_TARGET_IDLETIMER is not set
# CONFIG_NETFILTER_XT_TARGET_LOG is not set
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_TEE is not set
# CONFIG_NETFILTER_XT_TARGET_TRACE is not set
# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CPU=y
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DEVGROUP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
CONFIG_NETFILTER_XT_MATCH_ECN=y
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
CONFIG_NETFILTER_XT_MATCH_HL=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_NFACCT=y
# CONFIG_NETFILTER_XT_MATCH_OSF is not set
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
CONFIG_NETFILTER_XT_MATCH_POLICY=y
# CONFIG_NETFILTER_XT_MATCH_PHYSDEV is not set
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
CONFIG_NETFILTER_XT_MATCH_REALM=y
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
CONFIG_IP_NF_MATCH_RPFILTER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_BRIDGE_EBT_T_FILTER=y |
zgrep NAT /proc/config.gz
Code: | CONFIG_ARCH_HIBERNATION_POSSIBLE=y
# CONFIG_HIBERNATION is not set
CONFIG_BRIDGE_EBT_T_NAT=y
CONFIG_BRIDGE_EBT_DNAT=y
CONFIG_BRIDGE_EBT_SNAT=y
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NATIONAL_PHY is not set
CONFIG_CHECK_SIGNATURE=y |
I have searched around, as other people have had the same problem, but I have not found a clear answer. Is the structure for menuconfig in /usr/src/linux different in Gentoo than in other distributions?
IPTABLES works for the most part, with public addresses but I require NAT support as well.
Last edited by cezar.serban on Wed Aug 21, 2013 3:24 pm; edited 1 time in total |
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9882 Location: almost Mile High in the USA
Posted: Tue Aug 20, 2013 6:40 pm
Also check the _NF_ options like CONFIG_IP_NF_IPTABLES? This may be new to 3.8.
Warning: I haven't tested my NAT on 3.8.x recently so I'm not even sure if it still works...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
cezar.serban n00b
Joined: 08 Aug 2013 Posts: 11
Posted: Tue Aug 20, 2013 6:56 pm
Thanks for the advice. I will try and compile all kernel options using another router with an older kernel which has NAT capabilities and hopefully I'll be able to get it working.
Even though the kernel is relatively new, I doubt IPTABLES stopped being able to provide this functionality. |
Hu Administrator
Joined: 06 Mar 2007 Posts: 23064
Posted: Tue Aug 20, 2013 10:27 pm
Did you enable NF_CONNTRACK_IPV4? |
CleanTestr n00b
Joined: 15 Jan 2013 Posts: 47 Location: somewhere in Rural Nebraska, USA
Posted: Wed Aug 21, 2013 7:05 am
I'm on 3.8.13 multi-lib, and I don't use NAT (but I use Iptables), so:
zgrep NAT /proc/config.gz
CONFIG_HIBERNATION=y
# CONFIG_NF_NAT_IPV4 is not set
# CONFIG_NF_NAT_IPV6 is not set
CONFIG_NET_ACT_NAT=m
_________________
Stan: A signal? Why didn't you wake me?
790: It was a distress signal. They only lead to trouble, so I always ignore them. --Lexx
cezar.serban n00b
Joined: 08 Aug 2013 Posts: 11
Posted: Wed Aug 21, 2013 3:34 pm
I managed to compile the necessary modules. If anyone is interested:
Code: | Symbol: NF_NAT_IPV4 [=y]
Type : tristate
Prompt: IPv4 NAT
Defined at net/ipv4/netfilter/Kconfig:146
Depends on: NET [=y] && INET [=y] && NETFILTER [=y] && IP_NF_IPTABLES [=y] && NF_CONNTRACK_IPV4 [=y]
Location:
-> Networking support (NET [=y])
-> Networking options
-> Network packet filtering framework (Netfilter) (NETFILTER [=y])
-> IP: Netfilter Configuration
-> IP tables support (required for filtering/masq/NAT) (IP_NF_IPTABLES [=y])
Selects: NF_NAT [=y] |
Actually, I just compiled everything in IP: Netfilter Configuration in order to make sure. Also some in Core Netfilter Configuration, but I doubt they were needed.
zgrep -i NAT /usr/src/linux/.config
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
# CONFIG_HIBERNATION is not set
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
# CONFIG_NF_NAT_AMANDA is not set
# CONFIG_NF_NAT_FTP is not set
# CONFIG_NF_NAT_IRC is not set
# CONFIG_NF_NAT_SIP is not set
# CONFIG_NF_NAT_TFTP is not set
CONFIG_NF_NAT_IPV4=y
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
CONFIG_BRIDGE_EBT_T_NAT=y
CONFIG_BRIDGE_EBT_DNAT=y
CONFIG_BRIDGE_EBT_SNAT=y
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NATIONAL_PHY is not set
# Native drivers
CONFIG_CHECK_SIGNATURE=y
zgrep -i IPv4 /usr/src/linux/.config
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_NF_NAT_IPV4=y
Thank you for all your input. I have marked the thread as solved. |
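
The following is an added example, not part of any post in this thread: a shell check that walks the NF_NAT_IPV4 dependency chain from the menuconfig help quoted above and lists the symbols a kernel config is missing. The function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a kernel .config for the options
# the iptables `nat' table needs on a 3.8-era kernel.

# NF_NAT_IPV4 plus the symbols on its "Depends on:" line quoted in the thread.
NAT_CHAIN="NET INET NETFILTER IP_NF_IPTABLES NF_CONNTRACK_IPV4 NF_NAT_IPV4"

# opt_state FILE SYMBOL: print y (built in), m (module) or n (unset or absent).
opt_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# missing_nat_opts FILE: print the chain symbols that are neither y nor m.
missing_nat_opts() {
    missing=""
    for sym in $NAT_CHAIN; do
        if [ "$(opt_state "$1" "$sym")" = n ]; then
            missing="$missing $sym"
        fi
    done
    echo "${missing# }"
}

# Constructed sample configs (not the poster's real files): "before" lacks the
# NAT and conntrack symbols, "after" mirrors the final zgrep output in the thread.
sample_dir=$(mktemp -d)
cat > "$sample_dir/before.config" <<'EOF'
CONFIG_NET=y
CONFIG_INET=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_NF_CONNTRACK_IPV4 is not set
CONFIG_BRIDGE_EBT_T_NAT=y
EOF
sed 's/^# CONFIG_NF_CONNTRACK_IPV4 is not set$/CONFIG_NF_CONNTRACK_IPV4=y/' \
    "$sample_dir/before.config" > "$sample_dir/after.config"
echo 'CONFIG_NF_NAT_IPV4=y' >> "$sample_dir/after.config"

for cfg in before after; do
    echo "$cfg: missing=[$(missing_nat_opts "$sample_dir/$cfg.config")]"
done
```

To check a running kernel, decompress /proc/config.gz to a file first and pass that file to `missing_nat_opts`. A symbol reported as `m` by `opt_state` is available but its module must be loaded before the `nat` table exists.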